openSUSE-SU-2021:0262-1

Published: 08 Feb 2021
Source: suse-cvrf

Description

Security update for nextcloud

This update for nextcloud fixes the following issues:

  • nextcloud was upgraded to version 20.0.7
    • CVE-2020-8294: Fixed a missing link validation (boo#1181803)
    • CVE-2020-8295: Fixed a denial of service attack (boo#1181804)
    • CVE-2020-8293: Fixed an input validation issue (boo#1181445)

Package list

openSUSE Leap 15.2
nextcloud-20.0.7-lp152.3.6.1
nextcloud-apache-20.0.7-lp152.3.6.1

Description

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.


Affected products
openSUSE Leap 15.2:nextcloud-20.0.7-lp152.3.6.1
openSUSE Leap 15.2:nextcloud-apache-20.0.7-lp152.3.6.1


Description

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.


Affected products
openSUSE Leap 15.2:nextcloud-20.0.7-lp152.3.6.1
openSUSE Leap 15.2:nextcloud-apache-20.0.7-lp152.3.6.1


Description

A wrong check in Nextcloud Server 19 and prior allowed a denial of service attack to be performed when resetting the password for a user.


Affected products
openSUSE Leap 15.2:nextcloud-20.0.7-lp152.3.6.1
openSUSE Leap 15.2:nextcloud-apache-20.0.7-lp152.3.6.1
